Would you like to be a ShoeMoney Contributing Writer?

MyBlogLog Tracks Your Visitors Ad Clicks

I know we said we’d never mention MyBlogLog again, but that was before this discovery.

Maybe all the recent MBL exploits recently didn’t bother you. Maybe they seemed trivial. I don’t think people should feel the same way about this one. This isn’t even an exploit, but something that MBL is actively doing with their blog widget. If you’re not interested in the long technical version, skip to the bottom.

The first thing that happens when the browser loads the MyBlogLog javascript is the loading of another javascript file.

I started looking at this code, and I noticed something odd. Why were the urls to google adsense and YPN servers in the code? This is the piece that caught my attention. Notice that it’s ripped from a Mint plug-in that tracks ad click stats.

Upon further investigation, it looked like the MBL was tracking clicks and reporting them back. But this couldn’t be possible. So I made a test page. On it, I placed the MBL widget, an adsense block, and a link.

I loaded up the page, turned ieHTTPHeaders on, and clicked my external link. This is what I found at the top of my header log:

The bottom line is that MyBlogLog is tracking AdSense and YPN clicks too. (Update: They do show you ads clicks in MBL Pro. Not having Pro does NOT stop the tracking from loading.) Who else gets this data? I don’t know about you, but I’d rather keep my ad click stats to myself. So in your own word Eric, “On what planet is that not a bannable offense?”.

There’s more as always, but I think this is enough for one day (or year). I think I’ve assured I’ll never be hired by Yahoo!

morgan thomas

I’m not a very tech-savvy guy, but last I checked MyBlogLog Pro showed my Adsense clicks. You can even filter your outgoing links clicked by “Ads”. Did I miss something or are you talking about something else altogether?

DingBat

Dude, you are being lame. Of course they track this data, it’s one of the selling points of the Pro version. By tracking all your click data, when you do sign up they have all the interesting historic data for you to analyze.

Sour grapes on your part.

February 23, 2007

More M

I did not post my url because I don’t want to get banned but I have used YPN and mybloglog. It clearly shows clicks on my YPN ads that YPN never pays me for.

Tom

This is a pretty common practice. I can think of half a dozen sites off the top of my head that do this, and any competent developer with a few hours on their hands can pull it off. This is a blatant example of making a mountain out of an ant hill.

Gathering the data is acceptable. What they do with it from there is what could be incredibly unethical.

This privacy policy wouldn’t make my feel good about it: “Generally, MyBlogLog does not share personal information about you with other people or nonaffiliated companies without your consent except to provide products or services you’ve requested and in the following circumstances”

Hmm, if they track *every* click, why would they exclude ad clicks? Also, I’ve compared the MBL click data and AdSense click reports, and MBL is generally missing ad clicks by an order of magnitude, so if there’s anything malicious that could be done with MBL logs, they would probably tweak the click-counting techniques first.

Haha… yes because they lost your little piece of the internet, the whole 10 million is going down the tubes. Don’t be a tard, they’ll still get great data out of this and any company including google would do the same.

It is not surprise that MBL did track on external link, it even shows the adsense click from my site. Although it is not a details data, I guess this data will send back to their site as well. I have experience to see some of the adsense click.

Simply having the code to place their widget on your page will allow them to do this. As far as I’m concerned its a security flaw that you can drive a freight ship through. I’m wondering what kind of exploit a person could create if they going the trust of the public and everyone places that widget on their page? Foreign code shouldn’t be able to do that since it didn’t come from the place of origin that the page came from.

It’s just me or does this count as a violation on the Adsense Policy, as it allow MyBlogLog to know click-through rates, that by 7(b) from the Terms and Conditions we all agree on joining adsense is disclosurable?

With this don’t all the MyBlogLog users that are using the widget are putting themselves in a vulnerable position to become “terminated” by Google?

i’m not sure what i’m thinking right now . . . do I want to keep my bloglog or not . . . part of me says why they hell now since i have no traffic from my ads, so yahoo can do anything they want . . . but in the future, they’re going to know too much about the site and can manipulate ad pricing . . or something like that

I have found that MBL is really starting to do stupid stuff to get members on their free side to go to the Pro side. Stuff like not allowing but one update of a screenshot of your community. givemeafrigginbreak.com. What if you have a better one produced? You have to pay $25 to get it updated?